From patchwork Wed Nov 7 11:51:58 2012
X-Patchwork-Submitter: Jeff Layton
X-Patchwork-Id: 1710341
From: Jeff Layton
To: linux-cifs@vger.kernel.org
Cc: shirishpargaonkar@gmail.com
Subject: [PATCH 1/3] getcifsacl: fix endianness bug in getcifsacl and add better bounds checks
Date: Wed, 7 Nov 2012 06:51:58 -0500
Message-Id: <1352289120-29327-2-git-send-email-jlayton@samba.org>
In-Reply-To: <1352289120-29327-1-git-send-email-jlayton@samba.org>
References: <1352289120-29327-1-git-send-email-jlayton@samba.org>

getcifsacl must convert the access_req field from little endian. Also, we should ensure that the "size" field in the ACE is reachable before trying to access it.

Signed-off-by: Jeff Layton
--- getcifsacl.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/getcifsacl.c b/getcifsacl.c index b832c50..c576fc0 100644 --- a/getcifsacl.c +++ b/getcifsacl.c @@ -31,6 +31,7 @@ #include #include #include +#include #include #include #include @@ -235,7 +236,15 @@ print_sid_raw: static void print_ace(struct cifs_ace *pace, char *end_of_acl, int raw) { - /* 16 == size of cifs_ace sans the cifs_sid */ + uint16_t size; + + /* make sure we can safely get to "size" */ + if (end_of_acl < (char *)pace + offsetof(struct cifs_ace, size) + 1) + return; + + size = le16toh(pace->size); + + /* 16 == size of cifs_ace when cifs_sid has no subauths */ if (le16toh(pace->size) < 16) return; @@ -250,8 +259,7 @@ print_ace(struct cifs_ace *pace, char *end_of_acl, int raw) printf("/"); print_ace_flags(pace->flags, raw); printf("/"); - print_ace_mask(pace->access_req, raw); - + print_ace_mask(le32toh(pace->access_req), raw); return; }
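Review bot: In the second hunk (-235,7 +236,15), the new guard at the top of print_ace adds only 1 to `offsetof(struct cifs_ace, size)`, while the field is then read as a 16-bit value through `le16toh(pace->size)`. If end_of_acl points one past the last byte of the ACL, this admits a buffer in which only the first byte of size is present; `offsetof(struct cifs_ace, size) + sizeof(pace->size)` would state the requirement directly, and a short comment saying whether end_of_acl is inclusive or exclusive would settle the question for later readers. Also, the new local `size` is assigned but the following test still re-reads `le16toh(pace->size) < 16`; use `if (size < 16)` so the variable is not set-but-unused, and consider comparing `(char *)pace + size` with end_of_acl here as well, since in the visible lines size is only checked against the constant 16.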
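Review bot: In the third hunk (-250,8 +259,7), `le32toh(pace->access_req)` dereferences access_req, but the only comparison against end_of_acl visible in this patch covers the size field. Unless access_req is laid out before size in struct cifs_ace, the guard should be extended to cover it (for example with offsetof plus sizeof of access_req) before the read. Minor style point: the hunk also drops the blank line before the trailing `return;`, which is itself redundant at the end of a void function and could be removed instead.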